Thanks for the response Aaron. On Mon, Feb 23, 2009 at 11:34 AM, Aaron Turner <[email protected]> wrote: > In my experience, sending packets on eth0 causes the packet to bypass > the TCP/IP stack and be sent out sight unseen. Hence, you won't be > able to inject packets into a TCP stream with the target of the local > host.
Well that kind of sucks. =( It seems weird that an outgoing packet like this could be filtered by the kernel. What criteria does a packet like this fit for it to be filtered out? (e.g. it doesn't match a TCP connection, but obviously it does in this case.) The only thing I can think of is that the kernel uses a different incoming adapter (really low level?) than libpcap, which sounds wrong since libpcap should be operating at the lowest possible layer, right? > Sending packets via loopback might work- I've never tried that to be > honest. I'm not really sure if you can inject standard ethernet > frames or you need to convert to Linux's cooked SLL header format. > You might try setting the destination MAC to that of eth0 and see if > the kernel will route it for you. Tried sending an incoming packet to lo, no go either. It's the same packet as if I had sent it on eth0. Should I perhaps be changing the MAC address to the one on lo? What do packets even look like on the lo? In that SLL format? I can't think of any application that uses lo for communication that I can use Windump to look at. Thanks, Oliver - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
